SSH Keys Management¶
Setting up SSH-based security to access your server is a much more effective way than the use of a manual root password. Cracking the security system of a node depending on SSH keys is nearly impossible since it secures your node in a more sophisticated way by the use of encoded keys.
Why is password-based authentication vulnerable?
A server can authenticate & grant access to the users with different access methods. The most basic of these is a password-based authentication, which is easy to use but isn’t the most secure. Modern processing power combined with automated scripts makes brute-forcing a password-protected account very possible since passwords generally are not complex. SSH keys prove to be a reliable and secure alternative.
What are SSH keys?
SSH key pairs are two cryptographically secure keys that can be used to authenticate a client to an SSH server. Each key pair consists of a public key and a private key.
The private key is retained by the client on his local machine and should be kept secret. Any compromise of the private key will allow the attacker to log into servers that are configured with the associated public key without additional authentication. As an additional precaution, the key can be encrypted on disk with a passphrase.
The public key is uploaded onto the remote server that you want to be able to log into with SSH. When a client attempts to authenticate using SSH keys, the server can test the client on whether they are in possession of the private key. If the key-pair matches, then a shell session is spawned, or the requested command is executed.
How do SSH keys work?
- A key pair will be generated on your local PC.
- Generating a key pair provides you with two long string of characters: a public and a private key.
- The public key will be added to your node.
- The corresponding private key pair will be saved on your local PC.
- Every time you access your node, the SSH system will lookup for the private key pair of the public key added to it. The system will unlock only when the two keys match.
- You can also disable the root password after the SSH keys are set up.
Secure the private key: Make sure that you add the public key to the servers and the private key is saved in a secure location on your PC.
Manage SSH Keys¶
This guide shows you how to access & manage your SSH keys into E2E Networks My Account portal.
Logging into E2E Networks ‘My Account’¶
Please go to ‘My Account’ and log in using your credentials set up at the time of creating and activating the E2E Networks ‘My Account’.
Add/Delete SSH Keys¶
If you do not have SSH keys and want to create an SSH key pair to access your node then follow the tutorial for your computer OS.
ADD SSH Keys¶
Click on Add Key button
You need to label your SSH key (optional) field for easy identification purpose.
You can either load the file to add public SSH Key by clicking the ‘Load from file’ or paste the contents of your public SSH key (copy it as it is and paste it in) in the SSH Key content field.
Before you paste your public SSH keys into your content field, you must check the format of each public SSH key file that you plan to add.
After adding the public key, you need to click the ‘Add Key’ button. you will be automatically routed to the ‘Manage SSH Keys’ page.
Similarly, you can store multiple SSH Public Keys into My Account & may assign them to the E2E node , which will be accessible to multiple users with different SSH keypairs.
Delete SSH Keys¶
To remove a public key, click on the delete button which will permanently delete your public key.
Any user accessing the node from the SSH keypair will not be able to access the node once the key is removed from My Account.
Using an SSH Key¶
Now the SSH key is added to your My Account which can be used with any new virtual compute node that you create in the future by simply selecting the public key during a virtual compute node creation process
you can also enable/disable password-based authentication for SSH access to the server . In case required, root and user password can be reset .